// src/stores/authStore.js import { defineStore } from 'pinia' import api from 'src/services/api' import { usePermissionStore } from 'stores/permissionStore' function normalizeRoleCode (value) { return String(value || '').trim().toLowerCase() } function roleCodeFromUser (user) { if (!user || typeof user !== 'object') return '' return normalizeRoleCode( user.role_code ?? user.roleCode ?? user.RoleCode ) } function decodeJwtPayload (token) { const raw = String(token || '').trim() if (!raw) return null const parts = raw.split('.') if (parts.length !== 3) return null try { const base64 = parts[1] .replace(/-/g, '+') .replace(/_/g, '/') .padEnd(Math.ceil(parts[1].length / 4) * 4, '=') const json = atob(base64) return JSON.parse(json) } catch { return null } } export const useAuthStore = defineStore('auth', { state: () => { let user = null try { const raw = localStorage.getItem('user') if (raw && raw !== 'undefined' && raw !== 'null') { user = JSON.parse(raw) } } catch { console.warn('⚠️ Invalid user in localStorage, cleared') localStorage.removeItem('user') } return { token: localStorage.getItem('token'), user, forcePasswordChange: localStorage.getItem('forcePasswordChange') === '1' } }, getters: { isAuthenticated: s => !!s.token, mustChangePassword: s => !!s.forcePasswordChange, // 🔥 TEK ADMIN KURALI isAdmin: s => { const fromUser = roleCodeFromUser(s.user) if (fromUser) return fromUser === 'admin' const payload = decodeJwtPayload(s.token) return normalizeRoleCode(payload?.role_code) === 'admin' } }, actions: { /* ========================================================= 🔐 SESSION ========================================================= */ setSession ({ token, user }) { this.token = token if (user) { // Keep prior role fields if backend returns partial user payload. this.user = { ...(this.user || {}), ...user } } else { this.user = null } this.forcePasswordChange = !!user?.force_password_change localStorage.setItem('token', token) if (user) { localStorage.setItem('user', JSON.stringify(user)) } else { localStorage.removeItem('user') } localStorage.setItem( 'forcePasswordChange', this.forcePasswordChange ? '1' : '0' ) }, clearSession () { this.token = null this.user = null this.forcePasswordChange = false localStorage.removeItem('token') localStorage.removeItem('user') localStorage.removeItem('forcePasswordChange') usePermissionStore().clear() }, /* ========================================================= 🔐 LOGIN ========================================================= */ async login (username, password) { const res = await api.post('/auth/login', { username, password }) const token = res?.token || res?.data?.token || res?.access_token || res?.data?.access_token const user = res?.user || res?.data?.user // ✅ JWT doğrulama const tokenStr = typeof token === 'string' ? token.trim() : '' const looksLikeJwt = tokenStr.split('.').length === 3 if (!tokenStr || !looksLikeJwt) { console.error('❌ LOGIN RESPONSE (unexpected):', res) throw new Error('Invalid login token') } this.setSession({ token: tokenStr, user }) // 🔥 PERMISSIONS const perm = usePermissionStore() await perm.fetchPermissions() // 🧪 DEBUG (istersen sonra kaldır) console.log('🔐 AUTH DEBUG', { isAdmin: this.isAdmin, users: perm.hasPermission('/api/users/list'), orders: perm.hasPermission('/api/orders/list'), logs: perm.hasPermission('/api/activity-logs'), permissions: perm.hasPermission('/api/permissions/matrix') }) return true } } })